Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Julie DiMauro: Let’s keep the compliance monitor’s report confidential

The use of corporate monitors by judicial and regulatory government agencies to verify an organization’s compliance with settlement agreements and orders resolving corporate accountability continues to rise. The growing use of monitors has raised questions about the privacy of their reports and the public’s access to their findings.

To support and protect important and sensitive data-collection efforts and the level of trust monitors require to perform their jobs, these reports to the government and courts should remain completely off-limits to the general public, including litigants to separate causes of action.

In July 2013, Eastern District of New York Judge John Gleeson approved a five-year Deferred Prosecution Agreement (DPA) with HSBC Bank USA N.A. and HSBC Holdings plc, after the companies were found to be in violation of the Bank Secrecy Act for failing to maintain an effective anti-money laundering (AML) program.

In so doing, Judge Gleeson held that a district court has the authority to approve or reject a DPA and to supervise its implementation. The HSBC DPA requires the bank to retain an independent compliance monitor to ensure that it fulfills the terms of the DPA and implements recommended remedial measures.

The monitor completed its first annual report and submitted it to the Department of Justice (DOJ), which the DOJ summarized in a quarterly report and gave to Judge Gleeson. The judge requested the full copy of the monitor’s 1,000-page report, which the bank and the DOJ requested be submitted under seal. The monitor and his team have nearly completed the second annual report and are on target to deliver it to the DOJ on January 20.

In November 2015, a private individual, Hubert Dean Moore, who used to have a mortgage with HSBC, sued to have the monitor’s first annual report unsealed by the court. He sent a letter to Judge Gleeson, arguing that he should be provided access to the monitor’s report to help support a complaint he had filed with the Consumer Financial Protection Bureau (CFPB).

This action prompted the DOJ to file its opposition to the court on December 11, arguing that the report was not a “judicial document” to which the public should have access.

The DOJ noted that the DPA contained language regarding the parties’ intent to keep the monitor reports non-public and described how the Department believes such a public disclosure would impede the monitor’s ability to fulfill his responsibilities.

HSBC said publishing the monitor’s report would undermine the purpose of the monitoring by compromising the monitor’s and government’s ability to assess HSBC’s progress in improving its anti-money laundering and sanctions compliance programs.

The bank said publication would “negatively affect the ability of HSBC’s financial regulators to fully discharge their supervisory responsibilities over HSBC,” and would provide criminals seeking to engage in activities such as money laundering or terrorist financing a road map for exploiting current weakness in the anti-money laundering and sanctions programs at the institution.

The corporate monitor’s role is to ensure that the company not only meets the financial terms of its settlement agreement, but, more importantly, to make sure the company enhances its compliance and ethics program, policies, procedures and processes to prevent these issues from occurring again.

The corporate monitor begins executing his or her duties by developing a work plan that will include a timeline for reaching certain milestones.

Inherent in the corporate monitor’s work plan is the ability to learn about and get to know the company, its employees and its clients or customers. This allows the corporate monitor to understand the culture and risk tolerance of the company in a way that goes beyond examining documents.

For a compliance monitor to be effective, his or her candid discussions with those inside the company and others rests on a level of trust and privacy that would be compromised if their reports were made public. It is also a disincentive to those who would want to serve as a compliance monitor that their work product could be dissected by other litigants or any other member of the public, undercutting their independence.

Let’s hope the monitor’s report stays sealed and that the terms of the agreement among the parties are honored.


Julie DiMauro is a contributing editor of the FCPA Blog. She works in the Regulatory Intelligence group at Thomson Reuters in New York. Follow Julie on Twitter @Julie_DiMauro and email her at [email protected].

Share this post


1 Comment

  1. Ms. DiMauro is absolutely correct in her assessment and rationale. I would add two more compelling reasons for maintaining the confidentiality of these reports, based upon my own experience working with financial institutions and corporations under these and other circumstances. First, the banks and other companies under order pay a lot of money for the expertise and insight that good consultants (acting as monitors) bring to these matters. The investment results in work product that frequently recommends changes to policies and procedures, better ways of approaching a problem, and recommendations for improving upon governance and oversight, based upon the consultants' years of experience and expertise. Releasing the work product would unfairly compromise the consultants methodologies, techniques, deliberative process and other expertise.

    Lastly, many state regulators in the banking space would identify the resulting compliance reports as "supervisory materials" and these may be viewed as highly confidential, with penalties for disclosure in some cases. Recall the case of Deloitte and its $10 million reprimand in 2013 by the New York State Department of Financial Services for violating New York Banking Law § 36.10 by disclosing confidential information (AML compliance reports) of other Deloitte clients to Standard Chartered, during Deloitte's oversight of Standard Chartered.

Comments are closed for this article!